From f396354566e62d53df88d60e7cc456e5f0fbc4cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petar=20Vujovi=C4=87?= Date: Tue, 13 Aug 2024 04:41:29 +0200 Subject: [PATCH 1/4] fix(bonsai): handle error unwraping gracefully (#339) --- provers/risc0/driver/src/bonsai.rs | 56 +++++++++++++++++++----------- 1 file changed, 35 insertions(+), 21 deletions(-) diff --git a/provers/risc0/driver/src/bonsai.rs b/provers/risc0/driver/src/bonsai.rs index 591aeb0d1..e0dd9173c 100644 --- a/provers/risc0/driver/src/bonsai.rs +++ b/provers/risc0/driver/src/bonsai.rs @@ -1,7 +1,7 @@ use log::{debug, error, info, warn}; use raiko_lib::{ primitives::keccak::keccak, - prover::{IdWrite, ProofKey}, + prover::{IdWrite, ProofKey, ProverError, ProverResult}, }; use risc0_zkvm::{ compute_image_id, is_dev_mode, serde::to_vec, sha::Digest, Assumption, ExecutorEnv, @@ -46,7 +46,7 @@ pub async fn verify_bonsai_receipt( } } - let res = res.unwrap(); + let res = res.ok_or_else(|| ProverError::GuestError("No res!".to_owned()))?; if res.status == "RUNNING" { info!( @@ -67,7 +67,10 @@ pub async fn verify_bonsai_receipt( .verify(image_id) .expect("Receipt verification failed"); // verify output - let receipt_output: O = receipt.journal.decode().unwrap(); + let receipt_output: O = receipt + .journal + .decode() + .map_err(|e| ProverError::GuestError(e.to_string()))?; if expected_output == &receipt_output { info!("Receipt validated!"); } else { @@ -137,17 +140,19 @@ pub async fn maybe_prove (Default::default(), receipt, false), + Err(e) => { + warn!("Failed to prove locally: {e:?}"); + return None; + } + } }; info!("receipt: {receipt:?}"); @@ -233,7 +238,7 @@ pub fn prove_locally( elf: &[u8], assumptions: Vec, profile: bool, -) -> Receipt { +) -> ProverResult { debug!("Proving with segment_limit_po2 = {segment_limit_po2:?}"); debug!( "Input size: {} words ( {} MB )", @@ -260,14 +265,23 @@ pub fn prove_locally( let segment_dir = PathBuf::from("/tmp/risc0-cache"); if !segment_dir.exists() { - fs::create_dir(segment_dir.clone()).unwrap(); + fs::create_dir(segment_dir.clone()).map_err(|e| ProverError::FileIo(e))?; } - let env = env_builder.segment_path(segment_dir).build().unwrap(); - let mut exec = ExecutorImpl::from_elf(env, elf).unwrap(); - - exec.run().unwrap() + let env = env_builder + .segment_path(segment_dir) + .build() + .map_err(|e| ProverError::GuestError(e.to_string()))?; + let mut exec = + ExecutorImpl::from_elf(env, elf).map_err(|e| ProverError::GuestError(e.to_string()))?; + + exec.run() + .map_err(|e| ProverError::GuestError(e.to_string()))? }; - session.prove().unwrap().receipt + let receipt = session + .prove() + .map_err(|e| ProverError::GuestError(e.to_string()))? + .receipt; + Ok(receipt) } pub fn load_receipt( From 4235d326140bb4f695ec63425b160adad1df645b Mon Sep 17 00:00:00 2001 From: Roger <50648015+RogerLamTd@users.noreply.github.com> Date: Tue, 13 Aug 2024 18:08:38 -0700 Subject: [PATCH 2/4] feat(docs): check epc size instructions and script (#342) * add script for checking epc size * add instructions in doc * more info --- docs/README_Docker_and_RA.md | 4 +++- script/check-epc-size.sh | 17 +++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 script/check-epc-size.sh diff --git a/docs/README_Docker_and_RA.md b/docs/README_Docker_and_RA.md index b00ee6980..3d296beb6 100644 --- a/docs/README_Docker_and_RA.md +++ b/docs/README_Docker_and_RA.md @@ -6,6 +6,8 @@ This tutorial was created to assist you in setting up Raiko and its SGX dependen We recommended 4 cores and 8GB memory for running Raiko. 8 cores and 16GB memory is ideal; the bare minimum is 2 cores and 4GB memory (tentative). +We also recommend an EPC (Enclave memory) size of 4GB for mainnet, to prevent OOM errors. You can check your machine's EPC size by running `./script/check-epc-size.sh`. + ## Prerequisites Intel SGX is a technology that involves a considerable amount of configuration. Given its high level of configurability, the setup of your infrastructure may vary significantly depending on the attestation type (EPID, ECDSA) and other parameters. While we've strived to minimize the manual effort required to prepare the development environment, there are certain prerequisites that are challenging, if not impossible, to automate using Dockerfiles. This section outlines these prerequisites. @@ -182,7 +184,7 @@ Currently Supported FMSPCs (on Hekla): - 30606A000000 - 00706A100000 -Please reach out to us in [discord](https://discord.com/invite/taikoxyz) channels if your machine doesn't have a listed FMSPC, if you've done the bootstrap process and obtained a quote we can try adding them to the On Chain RA process. We can't guarantee all FMSPCs will work, so you might have to switch machines. +Please reach out to us in [discord](https://discord.com/invite/taikoxyz) channels or create an issue on Github if your machine doesn't have a listed FMSPC, if you've done the bootstrap process and obtained a quote we can try adding them to the On Chain RA process. We can't guarantee all FMSPCs will work, so you might have to switch machines. **Please include your FMSPC, CPU and your machine's EPC Size in the Github issue! This helps us decide whether the machine/FMSPC is a suitable candidate to add.** > **_NOTE:_** At the moment, we are aware of three cloud providers who offer compatible SGX machines: [*Tencent Cloud*](https://www.tencentcloud.com/document/product/213/45510), Alibaba Cloud and Azure. (Tencent Cloud is one of our ecosystem partners!) Specifically, Tencent Cloud's `M6ce` model, Alibaba Cloud's `g7t` model support `SGX-FMSPC 00606A000000` and Azure's `confidential compute` machines support `SGX-FMSPC 00906ED50000`. > diff --git a/script/check-epc-size.sh b/script/check-epc-size.sh new file mode 100644 index 000000000..1ba060f8c --- /dev/null +++ b/script/check-epc-size.sh @@ -0,0 +1,17 @@ +#!/usr/bin/env bash + +# Run dmesg and filter for EPC section +epc_line=$(sudo dmesg | fgrep EPC) + +# Extract the start and end addresses using regex +if [[ $epc_line =~ 0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+) ]]; then + start_address=0x${BASH_REMATCH[1]} + end_address=0x${BASH_REMATCH[2]} + + # Calculate the EPC size in GB using Python + epc_size_gb=$(python3 -c "print(($end_address - $start_address) / 1024 ** 3)") + + echo "EPC Size: $epc_size_gb GB" +else + echo "EPC section not found in dmesg output." +fi From b901ce6742888552a502ba62b0b179f91588f4e0 Mon Sep 17 00:00:00 2001 From: Roger <50648015+RogerLamTd@users.noreply.github.com> Date: Tue, 13 Aug 2024 18:09:00 -0700 Subject: [PATCH 3/4] feat(repo): ignore changes to docs for build (#343) * feat(repo): ignore changes to docs for build * ignore docs openapi workflow --- .github/workflows/ci-all.yml | 2 ++ .github/workflows/openapi-deploy.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/ci-all.yml b/.github/workflows/ci-all.yml index dd39656fe..0a1130276 100644 --- a/.github/workflows/ci-all.yml +++ b/.github/workflows/ci-all.yml @@ -7,11 +7,13 @@ on: - "host/**" - "lib/**" - "script/**" + - "!docs/**" pull_request: paths: - "host/**" - "lib/**" - "script/**" + - "!docs/**" merge_group: env: diff --git a/.github/workflows/openapi-deploy.yml b/.github/workflows/openapi-deploy.yml index 01c47cb86..2e01cea6e 100644 --- a/.github/workflows/openapi-deploy.yml +++ b/.github/workflows/openapi-deploy.yml @@ -3,6 +3,8 @@ name: OpenAPI on: push: branches: ["main"] + paths-ignore: + - "docs/**" pull_request: merge_group: From 5526cc04ae5b2c4b9d31d59f56e7e8bb68c75668 Mon Sep 17 00:00:00 2001 From: smtmfft <99081233+smtmfft@users.noreply.github.com> Date: Wed, 14 Aug 2024 12:42:12 +0800 Subject: [PATCH 4/4] fix(raiko): revert v1 response back to previous format (#340) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * revert v1 response back to previous format * fix clippy Signed-off-by: smtmfft * Update host/src/server/api/v1/proof.rs Co-authored-by: Petar Vujović * Update host/src/server/api/v1/proof.rs Co-authored-by: Petar Vujović * Update host/src/server/api/v1/proof.rs Co-authored-by: Petar Vujović --------- Signed-off-by: smtmfft Co-authored-by: Petar Vujović --- host/src/server/api/v1/proof.rs | 17 ++++++++++++++--- lib/src/prover.rs | 2 +- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/host/src/server/api/v1/proof.rs b/host/src/server/api/v1/proof.rs index 8e5ba75ae..5bc1725cd 100644 --- a/host/src/server/api/v1/proof.rs +++ b/host/src/server/api/v1/proof.rs @@ -1,6 +1,5 @@ use axum::{debug_handler, extract::State, routing::post, Json, Router}; use raiko_core::interfaces::ProofRequest; -use raiko_lib::prover::Proof; use raiko_tasks::get_task_manager; use serde_json::Value; use utoipa::OpenApi; @@ -9,9 +8,12 @@ use crate::{ interfaces::HostResult, metrics::{dec_current_req, inc_current_req, inc_guest_req_count, inc_host_req_count}, proof::handle_proof, + server::api::v1::Status, ProverState, }; +use super::ProofResponse; + #[utoipa::path(post, path = "/proof", tag = "Proving", request_body = ProofRequestOpt, @@ -31,7 +33,7 @@ use crate::{ async fn proof_handler( State(prover_state): State, Json(req): Json, -) -> HostResult> { +) -> HostResult> { inc_current_req(); // Override the existing proof request config from the config file and command line // options with the request from the client. @@ -57,7 +59,16 @@ async fn proof_handler( dec_current_req(); e }) - .map(Json) + .map(|proof| { + dec_current_req(); + Json(Status::Ok { + data: ProofResponse { + output: None, + proof: proof.proof, + quote: proof.quote, + }, + }) + }) } #[derive(OpenApi)] diff --git a/lib/src/prover.rs b/lib/src/prover.rs index a854409eb..1266d5c49 100644 --- a/lib/src/prover.rs +++ b/lib/src/prover.rs @@ -29,7 +29,7 @@ pub type ProofKey = (ChainId, B256, u8); #[derive(Debug, Serialize, ToSchema, Deserialize, Default)] /// The response body of a proof request. pub struct Proof { - /// The ZK proof. + /// The proof either TEE or ZK. pub proof: Option, /// The TEE quote. pub quote: Option,